Risk management, strategy and analysis from DeloitteCONTENT FROM OUR SPONSORPlease note: The Wall Street Journal News Department was not involved in the creation of the content below.

Text Size

Regular

Medium

Large

Google+

Print

Applying Analytics to Risk Management: Five Issues to Consider

For virtually anyone working in the area of risk management, analytics isn’t new. Risk professionals have been using analytics tools for years. But many have noted a resurgence of interest in the application of analytics to risk management challenges, and with good reason. There is a renaissance in analytics technology underway today, and it arrives just as the issue of risk takes on an even higher profile for leaders across industries.

It can be challenging to separate the hype from the reality when it comes to analytics and risk management. Vivek Katyal, principal, Deloitte Consulting LLP, answers five questions risk leaders frequently ask today about how best to apply an analytics approach to the job of risk management.

Question

Vivek Katyal’s Take

How do you measure and quantify risk?

There is no exact science for measuring risk. But with analytics, you can build measurement parameters that can help you establish and examine likely risk scenarios. From there, it’s easier to understand the potential impact of a risk – and start planning around it.Along the way, analytics can help establish a baseline of data for measuring risk across the organization by pulling together many strands of risk into one unified system.

Haven’t we been using analytics for years? Is there anything new here?

Yes, you probably have been using analytics – or some version of it – for years. On the most fundamental level, it’s the same. But when it comes to the level of sophistication, there’s a world of difference. Historically, analytics has been synonymous with business Intelligence – knowing the facts and reporting past and current performance. But today risk analytics is more focused on data exploration, segmentation, statistical clustering, predictive modeling, and event simulation and scenario analysis.

Having a dedicated ERM team is a huge asset that can provide a good foundation for managing risk. But in many organizations, the ERM function frequently operates as a standalone unit. These days, senior management and leadership not only require business-wide visibility into the potential risks to their business strategy, but also the ability to use structured and unstructured data to better understand the potential impact of a range of risks. By embedding analytics into the ERM delivery approach, they can monitor performance through risk sensitivity analysis, model key risk events scenarios, and become more Risk Intelligent in developing intervention and mitigation strategies.

Can analytics help with financial statements and reporting?

There’s a lot of natural overlap between analytics and financial reporting, and as a result they tend to feed one another. For example, analytics can offer insights into the characteristics and posting of journal entries, eventually helping identify inappropriate accounting, control overrides, or inefficient processes. Rules and controls aren’t the only areas that stand to benefit. Statistical methods can help define a transaction profile that detects new fraud schemes while limiting the follow-up resulting from false detections. When it comes to enhancing the accuracy and quality of forecasts and improving reporting mechanisms, analytics can offer a significant boost.

What role can analytics play in meeting regulatory requirements?

Regulators continue to question the integrity and timeliness of data being reported to them. In the current environment, market pressures for better risk-adjusted performance present a strong case for the use of analytics in risk management. Regulatory demands, such as stress testing, systemic risk,Dodd Frank, living wills, and food and product safety, require analytics driven approach. An analytics-driven approach can be used to measure the risk characteristics of each business line and product, as well as define common metrics for measuring enterprise-wide, risk-adjusted performance and risk profile.

A Closer Look at Risk Modeling

What happens when there isn’t enough data to analyze? In risk management, the ability to anticipate and avoid risks, as well as take smart risks to drive value, is no small matter. But of course we don’t always enjoy the luxury of having relevant data to understand future events. In these situations, is there really a role for analytics to play? Yes, according to Mark Carey, partner, Deloitte & Touche LLP, and leader of the U.S. Governance and Risk Strategies services for commercial and public sector industries within Audit and Enterprise Risk Services.

Traditional analytics can be instrumental when it comes to better understanding past events or risks that occur with a high degree of frequency. But for forward-looking “what-if” scenarios and strategic risks, modeling is a related approach that can deliver valuable insights. What’s the difference between risk analytics and risk modeling? The type of data they use. Risk modeling organizes bits and pieces of information drawn from a wide range of similar scenarios that have already played out to assemble a big-picture view of scenarios that are likely to occur in the future. That can be particularly helpful when weighing strategy-level risks that may shape an organization’s future. The more abstract the risks, the more modeling may be of use.

Modeling can also be a good option when an organization is grappling with massive complexity. In a large company with many different types of businesses, even if data on each line of business is available, the task of assembling and using that data to better understand risk may be virtually impossible. For large, complex systems, risk modeling may offer a more direct path to the insights needed to make smarter decisions.

Risk modeling shouldn’t be considered a replacement for risk analytics, notes Mr. Carey. Instead, he suggests that it be viewed as another tool in the analytical arsenal—one that is best used when executives need to make more informed decisions on forward-looking issues of strategic importance, but don’t have traditional data sources to draw from.

Related Deloitte Insights

The networked economy enables customers to drive choices and select preferences—fundamentally taking some of the power away from producers of goods and services. For organizations that embrace the networked economy there are opportunities to leverage the connections for business decisions for the extended enterprise, including amplifying connections through industry groups and capturing new revenue streams through innovation. Understand the risks organizations may face in a networked economy, as well as the trends that could allow businesses to benefit.

In response to business disruption stemming from economic upheaval, market evolution, regulatory demands and technological change many organizations are developing risk-sensing programs that use human insights and advanced analytics capabilities to identify, analyze and monitor emerging risks. However, understanding which events pose the greatest opportunity, not just the greatest risk, is important to developing effective risk sensing, which enables leaders to focus resources on what matters most.

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) recently proposed an update to its enterprise risk management (ERM) framework, in recognition of the need for a tighter alignment of risk management, performance and strategy. The new guidelines, which are out for public comment until September 30, 2016, aim to help organizations achieve their intended business objectives more effectively and attain better value from their ERM programs. The new ERM framework could become an important risk assessment tool, similar to the way the COSO internal control framework can be used to assess cyber or third-party risks.

Views & Analysis

Although board seats don’t become available all that often, as more organizations broaden their definition of diversity the pool of potential candidates is expanding. What does it take to land such a spot? Industry and international experience, a knowledge of risk and technology issues, and personal traits that range from intellectual curiosity to unassailable integrity are just some of the qualities and qualifications that matter. Learn how to assess your viability and what steps you might take to enhance your appeal to search committees.

Continued uncertainty about the economy and increased regulation across several industries have required a more informed and efficient use of capital. Working with management, the board of directors can play a fundamental role in the capital allocation process through its oversight function, including participating in strategy development, examining risks, comparing strategy to results and focusing on key investment terms. Understand how boards can help guide the capital allocation process by challenging business plans and strategy, and reviewing capital allocation alternatives, among other efforts.

As proxy season approaches, several governance issues and proposals are likely to emerge, reflecting shareholders’ increased attention to how companies’ stances on governance matters can impact shareholder value, according to Carol Schumacher, who has held roles as investor relations (IR) officer and corporate affairs officer at a Fortune 10. She discusses shareholders’ expectations for the governance information that management provides, and what IR can do to help companies respond, in a conversation with Sanford Cockrell III, U.S. national managing partner, CFO Program, Deloitte LLP.

Editor's Choice

Boards and C-suite executives overwhelmingly see risk as having an important role in value creation, but just 17% of respondents say they are actively using risk to drive returns, according to a new global survey from Deloitte. The survey also found that senior stakeholders want chief risk officers to spend significantly more time playing the strategist role, with a majority of respondents saying their risk officers should participate more in setting the strategic direction of the company and aligning risk management strategies accordingly.

Traditionally, internal audit (IA) has focused on providing assurance with respect to known risks and the effectiveness of controls in mitigating those risks. Regulators, however, are increasingly interested in an organization’s ability to identify blind spots and other vulnerabilities that may undermine the integrity of the risk management environment, including the risk of misconduct. IA functions can play a pivotal role by substantively testing culture and identifying potential risk-related outliers that may not be visible via other means, such as supervisory frameworks, escalations, compliance assessment and testing, and previous audits.

Identifying and managing strategic risks can be a difficult task. To add to the challenge, many companies have traditionally separated their risk and strategy functions and think of risk as more of a compliance responsibility rather than a dynamic tool for value creation, business performance management and growth. However, companies that align strategy and risk can be better served to allow for a process of “strategic resiliency,” which involves anticipating, knowing and acting on risks when introducing or executing new strategies as a way of increasing the chances of success in spite of uncertainty.

About Deloitte Insights

Deloitte’s Insights for C-suite executives and board members provide information and resources to help address the challenges of managing risk for both value creation and protection, as well as increasing compliance requirements.